Extracted

• • Target

    random.exe

  • Size

    1.7MB

  • MD5

    d20eda67a0693cb56f7cb8155259683c

  • SHA1

    e444a87e49ce539a49945abefeedf9e319cabb7d

  • SHA256

    fe6a1c9f0ba36efc7359452d246e2362492663eb469467632a116f98921cd6a3

  • SHA512

    5ac74605b396abd76dcdc70379a45878ef4bdefbcd2d5032593f22d91a98a0a4f8df81d68b68b94880f9405e92d1a7f8b0148c784a1d94cc48f04b7372334209

  • SSDEEP

    24576:oBv68FkWFoVWtNQVudpyYuvt39oQ2/1f7F/iZnKzr0eu18sEAIwOnUH:cCek8SWtqVudTUqjf78Znefu1sj

  Score

  10^/10

  stealctrumpdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2